Description:
This document explains how to set up a VPN connection between two LANCOM routers and their configuration.
Requirements:
Scenario:
There are two independent networks with different IP address ranges.
These are now to be connected via a VPN with dynamic IP addresses being used for Internet access.
Procedure:
Configuration of the VPN should always be carried out with the LANconfig Setup Wizard on both routers.
1. Launch the program LANconfig and double-click on the router on which you wish to configure the VPN. Select the option Connect two local area networks (VPN).
2. Select the option VPN over an Internet connection.
3. Select the corresponding parameters:
4. Irrespective of the router connection, the following points can be selected:
5. You first define the name of the local device that the router uses to identify itself to the remote device...
...and then the name of the remote device
Please note that the identity of the local router must match the name of the remote device entered in the remote router, and vice versa.
This means, for example, that when a device uses "own identifier: LANCOM1" and "remote device name: LANCOM2" the value for the "own identifier" in the remote device must be "LANCOM2" and the value for "remote device name" must be "LANCOM1"
6. Now enter the telephone number of the remote device.
The field for the incoming number can be left empty and added to the configuration under Communication -> Call Management -> Accept calls -> Number list at a later point in time.
7. Now select Preshared key as authentication for the connection.
Setting up a connection with certificates is dealt with in a separate document.
8. This dialog window is used to define the password for the LAN-LAN connection and the shared secret for
encryption. Please ensure that different passwords are used for the two values.
You can check the entries in the configuration under Communication ->
Protocols -> PPP list (password) and VPN -> IKE-Auth. -> IKE keys and identities.
9. Select additional encryption parameters for the connection:
10. You can configure the shorthold time:
The first option sets a shorthold time of "9999", meaning "keepalive".
After the connection is cut, it is re-established immediately. If the connection is to be established only for data transmission, select the second option. In this case, if the shorthold value is set to 0, the VPN connection
can only be closed when the provider performs a forced disconnection. Active reconnection does not take place.
11. Specify the network that is to be reached via the remote device with the appropriate
network mask. The domain name entry depends on the server structure used.
12. The Extranet option should only be used when you wish to add additional masking behind
the extranet address. The tunnel will then be masked behind an address similar to an Internet connection.
This is dealt with in a separate document.
13. In this step the Wizard can be used to activate additional NetBIOS functionality in the router,
i.e. when PCs are to access resources on other computers.
14. The configuration will now be saved when you close the Wizard.
15. Execute the Wizard in the same way on the remote device and use the corresponding parameters. |
|
